the only way these "I got x from the forum and within 3 minutes got 2 spam messages" can possibly have any meaning at all is if the people reporting these are changing their email addresses here at the site each time.

even so, as soon as an address is "harvested," it gets put out there on a list shared by spammers. once it's harvested, it's compromised.

that site notices from rendo come in "at the same time" as spam is most likely because of how most email clients are set to "check for new mail every 5 minutes."

the most significant evidence I've read in this thread are from the people who can have "any string" at their domain as an email address, thus allowing for unique and cryptic addresses, and who have changed their address here multiple times to specific psuedo-random strings.  reading about those cases proves to me that somewhere out in the tubes, rendo-specific addresses are being grabbed.  Tom's scenario is a very likely explanation of that.

in short, there's not much to be done except at the client end.  if you've got an address specific to renderosity, then whitelist renderosity for that mailbox and reject any email that doesn't come directly from renderosity.

if your address goes through the tubes, someone has seen it.

______________________________________________________________________________________

Check out my Elemental Hexagons deck, created with Photoshop, Bryce, MojoWorld, and Poser